Why you need strong, unique passwords

Strong and varied passwords are the best defense against hackers and other unauthorized users attempting to gain access to your online accounts. Hackers can use sophisticated tools to guess at probable combinations of characters to crack a password.

In the past, where “brute forcing” a password simply meant attempting every possible combination of letters and numbers until the software happened upon the correct sequence. That took a lot of time and computing power, making it worthwhile for hackers to only crack the simplest and shortest passwords.

Nowadays, however, password cracking software is much more advanced. It significantly narrows down possible alphanumeric combinations by analyzing and inputting common patterns, saving hackers time and resources. Advanced password crackers can predict punctuation and capitalization patterns based on always-improving rulesets, dictionaries, and the growing number of leaked and cracked password lists.

How to make strong passwords

To combat these advancements, today’s passwords need the following traits:

At least 12 characters long is recommended, 8 at the minimum

A combination of both upper- and lower-case letters, numbers, and symbols

Random enough that they do not contain any predictable sequence

This tool accomplishes all of the above in one easy step. You may generate as many passwords as you like.

And most likely, you’ll need several. Experts recommend a unique password for every account. Even if you have a strong password, it could still be leaked to hackers in a breach unbeknownst to you. If you use the same password across multiple accounts, all of those accounts would then be at risk.

Password managers

Memorizing all of those passwords is a tall order. If you struggle to remember all of them, try using a password manager. A password manager is a piece of software, usually an app or browser extension, that securely stores all of your passwords in an encrypted format. Whenever you need to log into a website, you just need to enter a single master password, and the password manager will input the appropriate stored password on your behalf.

2SV and 2FA

Finally, we encourage you to enable two-step verification (2SV) or two-factor authentication (2FA) on all accounts that support them. These security measures require anyone logging into one of your accounts from a new or unfamiliar device to verify their identity through some alternative means. Two-step verification typically involves sending a one-use expiring PIN code to your email, SMS, or authentication app (Google Authenticator, Authy, et al). 2FA includes technologies like smart cards, Yubikeys, and biometric scans.

More info about this tool

Our password creator is implemented entirely in client-side Javascript, and the whole password generation process takes place on your browser. We do not store anything and no data is transmitted over the internet.

All of the code used to build the password creator is our own, and the password checker is based on open-source code. Choosing characters is done via the Math.random() Javascript method. If too few numbers or symbols are present in the password variant, the Math.random method is used again to pick a numeric character to replace a non-numeric character in the password, and then the password characters are shuffled again using an algorithm based on Math.random. This process is repeated for symbols.

For passwords of at least 12 characters: Once the password string is obtained, a strength check is performed. If the check does not return a score of 100, the password is regenerated and checked again until a strength score of 100% is reached.

The 100% strength check is not enforced if the sum of the minimum number of symbols and the minimum number of digits equals the configured password length. For passwords under 12 characters, the strength score will be lower, and two passwords of the same length can have different strength scores.

The user may set the minimum number of numeric characters that should be present in the password. Be wary of setting this too high, however, as a password that contains too many numbers will actually make it weaker. Users can also check the box to remove ambiguous characters, which in certain fonts may look alike. These include: B8G6I1lO0QDS5Z2.

We remind users that hackers can get lucky and guess even the strongest of passwords. We make no guarantee that the passwords this tool generates will never be cracked.